9 matches found
CVE-2024-8112 thinkgem JeeSite Cookie login cross site scripting
A vulnerability was found in thinkgem JeeSite 5.3. It has been rated as problematic. This issue affects some unknown processing of the file /js/a/login of the component Cookie Handler. The manipulation of the argument skinName leads to cross site scripting. The attack may be initiated remotely. T...
CVE-2024-8112
CVE-2024-8112 affects thinkgem JeeSite 5.3, with the Cookie Handler’s /js/a/login endpoint vulnerable to cross-site scripting. The issue stems from unsafely handling the skinName parameter, enabling remote exploitation. Multiple connected sources corroborate the affected component and payload vec...
PT-2023-24381 · Planet Technologies · Wdrt-1800Ax
Name of the Vulnerable Software and Affected Versions: Planet Technologies WDRT-1800AX version v1.01-CP21 Description: The issue allows attackers to bypass authentication and escalate privileges to root via manipulation of the LoginStatus cookie. Recommendations: For Planet Technologies WDRT-1800...
CVE-2017-14322
The function in charge of checking whether the user is already logged in (in init.php) in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEMCookieLogin cookie with a specially crafted value...
Login CAPTCHA Bypass Vulnerability in AVTECH Device Cookies
AVTECH, founded in 1996, is one of the world's leading CCTV manufacturers. Its main products are surveillance equipment, network cameras, network video recorders and so on. AVTECH device cookies have a login authentication code bypass vulnerability. AVTECH devices use base64 encoded username and passwo...
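Qibo CMS arbitrary file read (low-impact, requires registration)
Brief description: As per the title. Detailed description: Vulnerability 1: a low-impact getshell that requires registration and the ability to publish articles, and must be combined with an Apache or IIS6 parsing vulnerability. File /inc/articfunction.php // collect external images function getoutpic$str,$fid=0,$getpic=1 global $webdb,$lfjuid; if!$getpic return $str; pregmatchall"/http://^ '"+.gif|jpg|png/is",$str,$array; $filedb=$array0; foreach $filedb AS $key=$value if...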
Qing bamboo virtual host management system SQL injection vulnerability with the backend configured cookie login - vulnerability warning - the black bar safety net
Brief description: Qing bamboo virtual host management system SQL injection vulnerability. Detailed description: Qing bamboo virtual host management system SQL injection vulnerability. NCompany\Index.asp loadfilefromcache templatePath&"NCompany-Index.html" 'load index.html template...
PT-2012-4767 · Red Hat · Katello
Name of the Vulnerable Software and Affected Versions: Katello versions 1.0 and earlier Description: The installation script does not properly generate the Application.config.secret token value, resulting in each default installation having the same secret token. This allows remote attackers to...
DEBIAN-CVE-2005-3787
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog...